---
---

<!doctype html>
<html>
<head>
  <meta charset="utf-8" />
  <title>{{ site.domain }}</title>
  <meta name="viewport" content="width=device-width, initial-scale=1.0">
  <link rel="shortcut icon" href="/icons/favicon-blue.ico"/>
  <link rel="apple-touch-icon" href="/icons/icon-blue.png"/>
  <link rel="stylesheet" href="index.css">
  <link rel="stylesheet" href="github-ribbon.css">
  <script src="index.js"></script>

  <!-- fUnKy -->
  <link rel="stylesheet" href="funky/funky.css">
  <script src="funky/funky.js"></script>
</head>
<body>

<div class="title-bar" title="{{ site.domain }} - a memorable site for HTTPS misconfiguration">
  {{ site.domain }}
</div>

<div id="links">

<div class="column">
  <div class="group">
    <h2 id="dashboard"><span class="emoji">🎛</span>Dashboard</h2>
    <a href="/dashboard/" target="_blank" class="bullet-list"><span class="icon"></span>Dashboard</a>
  </div>
  <div class="group">
    <h2 id="certificate"><span class="emoji">🎫</span>Certificate</h2>
    <a href="https://expired.{{ site.domain }}/" class="bad"><span class="icon"></span>expired</a>
    <a href="https://wrong.host.{{ site.domain }}/" class="bad"><span class="icon"></span>wrong.host</a>
    <a href="https://self-signed.{{ site.domain }}/" class="bad"><span class="icon"></span>self-signed</a>
    <a href="https://untrusted-root.{{ site.domain }}/" class="bad"><span class="icon"></span>untrusted-root</a>
    <a href="https://revoked.{{ site.domain }}/" class="bad"><span class="icon"></span>revoked</a>
    <a href="https://pinning-test.{{ site.domain }}/" class="bad"><span class="icon"></span>pinning-test</a>
    <hr>
    <a href="https://no-common-name.{{ site.domain }}/" class="dubious"><span class="icon"></span>no-common-name</a>
    <a href="https://no-subject.{{ site.domain }}/" class="dubious"><span class="icon"></span>no-subject</a>
    <a href="https://incomplete-chain.{{ site.domain }}/" class="dubious"><span class="icon"></span>incomplete-chain</a>
    <hr>
    <a href="https://sha256.{{ site.domain }}/" class="good"><span class="icon"></span>sha256</a>
    <a href="https://sha384.{{ site.domain }}/" class="good"><span class="icon"></span>sha384</a>
    <a href="https://sha512.{{ site.domain }}/" class="good"><span class="icon"></span>sha512</a>
    <hr>
    <a href="https://1000-sans.{{ site.domain }}/" class="good"><span class="icon"></span>1000-sans</a>
    <a href="https://10000-sans.{{ site.domain }}/" class="good"><span class="icon"></span>10000-sans</a>
    <hr>
    <a href="https://ecc256.{{ site.domain }}/" class="good"><span class="icon"></span>ecc256</a>
    <a href="https://ecc384.{{ site.domain }}/" class="good"><span class="icon"></span>ecc384</a>
    <hr>
    <a href="https://rsa2048.{{ site.domain }}/" class="good"><span class="icon"></span>rsa2048</a>
    <a href="https://rsa4096.{{ site.domain }}/" class="good"><span class="icon"></span>rsa4096</a>
    <a href="https://rsa8192.{{ site.domain }}/" class="dubious"><span class="icon"></span>rsa8192</a> 
    <hr>
    <a href="https://extended-validation.{{ site.domain }}/" class="good"><span class="icon"></span>extended-validation</a>
  </div>
  <div class="group">
    <h2 id="client-certificate"><span class="emoji">🎟</span>Client Certificate</h2>
    <a href="/download/" target="_blank" class="bullet-list"><span class="icon"></span>Certificate Downloads</a>
    <a href="https://client.{{ site.domain }}/" class="good"><span class="icon"></span>client</a>
    <a href="https://client-cert-missing.{{ site.domain }}/" class="bad"><span class="icon"></span>client-cert-missing</a>
  </div>
  <div class="group">
    <h2 id="mixed-content"><span class="emoji">🖼</span>Mixed Content</h2>
    <a href="https://mixed-script.{{ site.domain }}/" class="bad"><span class="icon"></span>mixed-script</a>
    <a href="https://very.{{ site.domain }}/" class="bad"><span class="icon"></span>very</a>
    <hr>
    <a href="https://mixed.{{ site.domain }}/" class="dubious"><span class="icon"></span>mixed</a>
    <a href="https://mixed-favicon.{{ site.domain }}/" class="dubious"><span class="icon"></span>mixed-favicon</a>
    <a href="https://mixed-form.{{ site.domain }}/" class="dubious"><span class="icon"></span>mixed-form</a>
  </div>
  <div class="group">
    <h2 id="http"><span class="emoji">✏️</span>HTTP</h2>
    <a href="http://http.{{ site.domain }}/" class="bad"><span class="icon"></span>http</a>
    <a href="http://http-textarea.{{ site.domain }}/" class="bad"><span class="icon"></span>http-textarea</a>
    <a href="http://http-password.{{ site.domain }}/" class="bad"><span class="icon"></span>http-password</a>
    <a href="http://http-login.{{ site.domain }}/" class="bad"><span class="icon"></span>http-login</a>
    <a href="http://http-dynamic-login.{{ site.domain }}/" class="bad"><span class="icon"></span>http-dynamic-login</a>
    <a href="http://http-credit-card.{{ site.domain }}/" class="bad"><span class="icon"></span>http-credit-card</a>
  </div>
  <div class="group">
    <h2 id="cipher-suite"><span class="emoji">🔀</span>Cipher Suite</h2>
    <a href="https://cbc.{{ site.domain }}/" class="dubious"><span class="icon"></span>cbc</a>
    <a href="https://rc4-md5.{{ site.domain }}/" class="bad"><span class="icon"></span>rc4-md5</a>
    <a href="https://rc4.{{ site.domain }}/" class="bad"><span class="icon"></span>rc4</a>
    <a href="https://3des.{{ site.domain }}/" class="bad"><span class="icon"></span>3des</a>
    <a href="https://null.{{ site.domain }}/" class="bad"><span class="icon"></span>null</a>
    <hr>
    <a href="https://mozilla-old.{{ site.domain }}/" class="bad"><span class="icon"></span>mozilla-old</a>
    <a href="https://mozilla-intermediate.{{ site.domain }}/" class="dubious"><span class="icon"></span>mozilla-intermediate</a>
    <a href="https://mozilla-modern.{{ site.domain }}/" class="good"><span class="icon"></span>mozilla-modern</a>
  </div>
</div><!-- class="column" -->

<div class="column">
  <div class="group">
    <h2 id="key-exchange"><span class="emoji">🔑</span>Key Exchange</h2>
    <a href="https://dh480.{{ site.domain }}/" class="bad"><span class="icon"></span>dh480</a>
    <a href="https://dh512.{{ site.domain }}/" class="bad"><span class="icon"></span>dh512</a>
    <a href="https://dh1024.{{ site.domain }}/" class="bad"><span class="icon"></span>dh1024</a>
    <a href="https://dh2048.{{ site.domain }}/" class="dubious"><span class="icon"></span>dh2048</a>
    <hr>
    <a href="https://dh-small-subgroup.{{ site.domain }}/" class="bad"><span class="icon"></span>dh-small-subgroup</a>
    <a href="https://dh-composite.{{ site.domain }}/" class="bad"><span class="icon"></span>dh-composite</a>
    <hr>
    <a href="https://static-rsa.{{ site.domain }}/" class="dubious"><span class="icon"></span>static-rsa</a>
  </div>
  <div class="group">
    <h2 id="protocol"><span class="emoji">↔️</span>Protocol</h2>
    <a href="https://tls-v1-0.{{ site.domain }}:1010/" class="dubious"><span class="icon"></span>tls-v1-0</a>
    <a href="https://tls-v1-1.{{ site.domain }}:1011/" class="dubious"><span class="icon"></span>tls-v1-1</a>
    <a href="https://tls-v1-2.{{ site.domain }}:1012/" class="good"><span class="icon"></span>tls-v1-2</a>
  </div>
  <div class="group">
    <h2 id="certificate-transparency"><span class="emoji">🔍</span>Certificate Transparency</h2>
    <a href="https://no-sct.{{ site.domain }}/" class="bad"><span class="icon"></span>no-sct</a>
  </div>
  <div class="group">
    <h2 id="upgrade"><span class="emoji">⬆️</span>Upgrade</h2>
    <a href="https://hsts.{{ site.domain }}/" class="good"><span class="icon"></span>hsts</a>
    <a href="https://upgrade.{{ site.domain }}/" class="good"><span class="icon"></span>upgrade</a>
    <hr>
    <a href="https://preloaded-hsts.{{ site.domain }}/" class="good"><span class="icon"></span>preloaded-hsts</a>
    <a href="https://subdomain.preloaded-hsts.{{ site.domain }}/" class="bad"><span class="icon"></span>subdomain.preloaded-hsts</a>
    <hr>
    <a href="https://https-everywhere.{{ site.domain }}/" class="good"><span class="icon"></span>https-everywhere</a>
  </div>
  <div class="group">
    <h2 id="ui"><span class="emoji">👀</span>UI</h2>
    <a href="https://spoofed-favicon.{{ site.domain }}/" class="dubious"><span class="icon"></span>spoofed-favicon</a>
    <a href="https://lock-title.{{ site.domain }}/" class="dubious"><span class="icon"></span>lock-title</a>
    <hr>
    <a href="https://long-extended-subdomain-name-containing-many-letters-and-dashes.{{ site.domain }}/" class="good"><span class="icon"></span>long-extended-subdomain-name-containing-many-letters-and-dashes</a>
    <a href="https://longextendedsubdomainnamewithoutdashesinordertotestwordwrapping.{{ site.domain }}/" class="good"><span class="icon"></span>longextendedsubdomainnamewithoutdashesinordertotestwordwrapping</a>
  </div>
  <div class="group">
    <h2 id="known-bad"><span class="emoji">❌</span>Known Bad</h2>
    <a href="https://superfish.{{ site.domain }}/" class="bad"><span class="icon"></span>(Lenovo) Superfish</a>
    <a href="https://edellroot.{{ site.domain }}/" class="bad"><span class="icon"></span>(Dell) eDellRoot</a>
    <a href="https://dsdtestprovider.{{ site.domain }}/" class="bad"><span class="icon"></span>(Dell) DSD Test Provider</a>
    <a href="https://preact-cli.{{ site.domain }}/" class="bad"><span class="icon"></span>preact-cli</a>
    <a href="https://webpack-dev-server.{{ site.domain }}/" class="bad"><span class="icon"></span>webpack-dev-server</a>
  </div>
  <div class="group">
    <h2 id="chrome"><span class="emoji"><img class="chrome-icon" src="front-page-icons/chrome.svg"></span>Chrome Tests</h2>
    <a href="https://captive-portal.{{ site.domain }}/" class="bad"><span class="icon"></span>captive-portal</a>
    <a href="https://mitm-software.{{ site.domain }}/" class="bad"><span class="icon"></span>mitm-software</a>
  </div>
  <div class="group">
    <h2 id="defunct"><span class="emoji">☠️</span>Defunct</h2>
    <a href="https://sha1-2016.{{ site.domain }}/" class="dubious"><span class="icon"></span>sha1-2016</a>
    <a href="https://sha1-2017.{{ site.domain }}/" class="bad"><span class="icon"></span>sha1-2017</a>
    <a href="https://sha1-intermediate.{{ site.domain }}/" class="bad"><span class="icon"></span>sha1-intermediate</a>
    <a href="https://invalid-expected-sct.{{ site.domain }}/" class="bad"><span class="icon"></span>invalid-expected-sct</a>
  </div>
  <div class="group">
    <h2 id="test-suites"><span class="emoji">🛠</span>Test Suites</h2>
    <a href="https://testsafebrowsing.appspot.com/" target="_blank" class="external"><span class="icon"></span>Safe Browsing Tests</a>
    <a href="https://www.ssllabs.com/ssltest/viewMyClient.html" target="_blank" class="external"><span class="icon"></span>SSL Labs Client Test</a>
  </div>
  <div id="preload" style="width: 0; height: 0;">
    <!-- <link rel=preload> results in warnings in Chrome: https://crbug.com/661055 -->
    <!-- Workaround: Load the images in bogus elements. -->
    <script>
      window.addEventListener("load", function() {
        var parent = document.querySelector("#preload");
        var names = ["bad-white","dubious-white","good-white","page-white","bullet-list-white","external-white"]
        for (var i = 0; i < names.length; i++) {
          var elem = document.createElement("span");
          elem.style.backgroundImage = "url(front-page-icons/" + names[i] + ".svg)";
          parent.appendChild(elem);
        }
      });
    </script>
  </div>
</div><!-- class="column" -->

</div><!-- id="links" -->

<h2 class="your-browser">Your Browser:
  <div id="browser-info">
    <span class="highlight">
      <span id="ua"></span><br>
      <span id="os"></span><br>
    </span>
    <span id="click-to-copy">📋 Click to copy</span>
  </div>
</h2>

<!-- Start of GitHub ribbon. -->
<div class="github-fork-ribbon-wrapper right-top-bottom">
    <div class="github-fork-ribbon">
        <a href="https://github.com/chromium/badssl.com"><span class="icon"></span>On GitHub</a>
    </div>
</div>
<!-- End of GitHub ribbon. -->

</body>
</html>
